Cutelyst  3.4.0
csrfprotection.h
1 /*
2  * Copyright (C) 2017 Matthias Fehring <kontakt@buschmann23.de>
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  */
18 
19 #ifndef CSRFPROTECTION_H
20 #define CSRFPROTECTION_H
21 
22 #include <Cutelyst/cutelyst_global.h>
23 #include <Cutelyst/Plugin>
24 
25 namespace Cutelyst {
26 
27 class Context;
28 class CSRFProtectionPrivate;
29 
/**
 * Plugin that protects input forms against Cross Site Request Forgery
 * (CSRF/XSRF) attacks.
 *
 * NOTE(review): the per-member documentation is not part of this listing (the
 * gutter numbers jump between declarations). The comments below describe only
 * what the signatures show; anything inferred from a member's name is marked
 * as an assumption and should be confirmed against the implementation.
 */
235 class CUTELYST_PLUGIN_CSRFPROTECTION_EXPORT CSRFProtection : public Plugin
236 {
237  Q_OBJECT
238  Q_DECLARE_PRIVATE(CSRFProtection)
239 public:
     // Constructs the plugin with the Application @a parent.
     // NOTE(review): this single-argument constructor is not marked explicit,
     // so an Application* converts implicitly to a CSRFProtection.
243  CSRFProtection(Application *parent);
244 
     // Destructor; overrides the virtual destructor of the base class.
248  virtual ~CSRFProtection() override;
249 
     // Takes an action name or path. Presumably the action a request is
     // detached to when the CSRF check fails - confirm. If so, that action
     // must not itself perform the state change the check was guarding.
255  void setDefaultDetachTo(const QString &actionNameOrPath);
256 
     // Sets a form field name; presumably the field in which submitted forms
     // carry the CSRF token - confirm.
261  void setFormFieldName(const QString &fieldName);
262 
     // Sets a stash key name; presumably the key under which the failure
     // message is stored in the Context stash - confirm.
266  void setErrorMsgStashKey(const QString &keyName);
267 
     // Takes a list of namespaces. Presumably requests to these namespaces are
     // exempt from the CSRF check - confirm. If so, every entry widens the
     // unprotected surface: keep the list minimal and make sure no
     // state-changing, cookie-authenticated action lives in an ignored namespace.
273  void setIgnoredNamespaces(const QStringList &namespaces);
274 
     // Boolean switch; presumably selects the user's session instead of a
     // cookie as the place where the CSRF secret is kept - confirm, and check
     // how the cookie-related setters below behave when this is enabled.
282  void setUseSessions(bool useSessions);
283 
     // Controls the HttpOnly attribute of the CSRF cookie. With HttpOnly set,
     // client-side script cannot read the cookie, so pages that send the token
     // from JavaScript have to obtain it another way (for example from the
     // rendered form field). The default is not visible in this header.
298  void setCookieHttpOnly(bool httpOnly);
299 
     // Sets the name of the CSRF cookie. Default not visible in this header.
304  void setCookieName(const QString &cookieName);
305 
     // Sets a header name; presumably the HTTP request header from which the
     // token is read when it is not sent as a form field - confirm.
310  void setHeaderName(const QString &headerName);
311 
     // Sets a generic error message; presumably the response body used when
     // the check fails and no detach action handles the failure - confirm.
318  void setGenericErrorMessage(const QString &message);
319 
     // Sets the content type that goes with the generic error message
     // (presumably the Content-Type of that response - confirm).
     // The spelling "ContentTyp" is part of the public interface.
325  void setGenericErrorContentTyp(const QString &type);
326 
     // Static accessor returning the token for the Context @a c as a
     // QByteArray. Treat the value as a per-client secret: keep it out of logs,
     // URLs and anything sent to third parties.
330  static QByteArray getToken(Context *c);
331 
     // Static accessor returning a QString for the Context @a c; presumably
     // ready-made markup for a hidden form field holding the token - confirm.
     // If it is markup, templates must insert it without HTML-escaping it again.
341  static QString getTokenFormField(Context *c);
342 
     // Static query returning a bool for the Context @a c; presumably true when
     // the CSRF check for the current request succeeded - confirm. Actions that
     // handle the failure themselves should test this before changing any state.
349  static bool checkPassed(Context *c);
350 
351 protected:
     // Pointer to the private implementation class (used by the
     // Q_DECLARE_PRIVATE declaration above). Where it is allocated and released
     // is not visible in this header.
352  CSRFProtectionPrivate *d_ptr;
353 
     // Override of the base class setup hook, called with the Application
     // @a app; returns a bool (presumably success - confirm).
354  virtual bool setup(Application *app) override;
355 };
356 
357 }
358 
359 #endif // CSRFPROTECTION_H
The Cutelyst Application.
Definition: application.h:56
Protect input forms against Cross Site Request Forgery (CSRF/XSRF) attacks.
The Cutelyst Context.
Definition: context.h:52
The Cutelyst namespace holds all public Cutelyst API.
Definition: Mainpage.dox:8